Every business, regardless of size, faces challenges from a network security perspective, but the vulnerabilities exposed by today’s networked MFPs and printers are often overlooked. Here we look at six ways you can protect your network from attack.
Hackers and cybercriminals are using networked MFPs and printers as a route into organisations to steal confidential data stored on hard drives and other networked devices, cause malicious damage or disrupt business activities. An IDC report found that 25 per cent of IT security breaches that required remediation involved printers. The impact on productivity and profitability can be huge.
The risk posed by unsecured MFPs and printers is often misunderstood and ignored, or businesses simply lack the expertise and resources to start tackling the problem. A lack of awareness among users is also exacerbating the problem, as bad practices can expose documents and data to the risk of being compromised.
The steps that businesses need to take to create a consistent network security system, or print security policy, can be a time-consuming process. However, we feel that the following six steps offer a structured way to develop and introduce your own consistent network security framework.
1: User identification and authorisation
One of the most important steps to network security is to only allow known users to access networked devices like the printer. This can be achieved through user administration and authorisation.
- User identification: This is the process through which administrators give only registered users’ access rights to MFPs and printers. They must identify users using either local authentication based on a local user list, or network authentication through the authentication directory services. They also need to decide which business groups users belong to as well as enforcing a strong password policy.
- User authorisation: This is used to grant access to the organisations network assets and control their usage. For the print infrastructure, based on each user’s credentials, they can limit the access to specific people, restrict access to device functions, or completely block access. The administrator can also configure access to the device through the use of cards or fobs as used for door access.
For more complex environments, administrators can use complex Print Output Management solutions to control fleets of multiple devices that are connected through the Output Management system.
2: Secure the network
Any devices connected to the network are only as secure as the most vulnerable point on the network. So, controlling the use of Ports and Protocols is a very important part of maintaining network security. Through sensible configuration, IT administrators can prevent unwanted activities and potential attacks on the infrastructure. The techniques for ensuring secure communication between each device and the network include:
- Use IP filtering to limit the access to specific IP addresses as well as MAC (Media Access Control) filtering. This helps to protect your network and your communication channels by only allowing access through specified IP addresses or ranges.
- Disabling those ports and protocols not required for use on your network, provides an extra security layer and gives you more control over your network, by reducing the available routes for potential unauthorised access to your network assets.
- Ensure that IPSec (the Internet Protocol Security for secure and encrypted data exchange), TLS (the Transport Layer Security for encrypted data transmission) and HTTPS (the Hypertext Transfer Protocol Secure for secure network communication) are configured for the highest protection level you need.
3: Protect your data
There are two ways to ensure that the data stored on the hard disk drives (HDD) of MFPs and printers remains secure:
- Data Encryption is the procedure or functionality that encrypts documents using a complex 256-bit algorithm.
- Data Overwrite is the data erase option for a device’s HDD. It ensures that all data already stored on the drive and any electronic images of Printed, scanned or copied documents are permanently erased by being over-written up to 10 times.
For added peace of mind, Sharp also offers an end-of-lease/service option that ensures that any digital data left on a device is erased and the physical HDD destroyed.
4: Print confidential information securely
Confidential documents should only be printed using a secure procedure that prevents unauthorised access and copying. Typically, when a print job is submitted it will be held on the device’s HDD and will only be released once the users enters a PIN code or presents a fob or card, which will have been previously configured for access. Once the document has been printed all data is automatically erased from the HDD.
5: Remote monitoring and control
When introduced correctly, network security tools can give IT administrators total control of all networked devices, directly from their desktops. So, they can control an entire fleet of MFPs and printers and remotely manage many of the potential security threats.
Sharp MFPs have over 200 settings related to security available to help implement a Print Security Policy. To ensure that the device’s settings are always configured to follow the policy the remote monitoring tools can be used to audit the devices against the policy and alert the administrators to any deviations and even automatically reset the device to the required configuration.
The ability to clone devices also streamlines the work of administrators and provides added peace of mind, as any changes to device settings can be easily populated across the entire fleet.
6: Choose the right partner
There are many companies offering professional services related to network security and network peripherals, however, the level of expertise can vary significantly. Sharp takes network security seriously.
As a manufacturer, our information technology equipment is evaluated using guidelines specified for comprehensive Common Criteria certification. As a result, Sharp MFPs and printers with an embedded data security option have been independently assessed by the globally renowned Japan’s IT Security Evaluation and Certification system (JISEC). They have been certified as conforming to the latest Protection Profile for Hardcopy Devices v1.0 (HCD-PP v1.0) standard of the Common Criteria, which means that we can support customers handling the most sensitive data in the world.
Sharp’s comprehensive security offering, combining hardware and software products with our strong heritage in technical consultancy and Managed Print Services (MPS), can help your business meet the growing need for network security, and manage such industry changes as GDPR compliance.